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1 . (previously presented) In a network comprising a first electronic devic e 
and a s e cond electronic device, a method A method for authenticating access 
to a controlled network, said m e thod comprising: 

a) authenticating s a i d s e cond e l e ctronic device to said first 
e lectronic device, said first electronic device an authentication server to an 
unauthenticated client device communicatively coupled to said s e cond 
electronic device, said s e cond e lectronic device an the authentication server; 

electronic device, said first el e ctronic devic e a the unauthenticated client 
device to the authentication server to produce an authenticated client device ; 

c) determining generating a key at said first electronic device and 
at said s e cond electronic device the authenticated client device and the 
authentication server ; and 

d) authenticating a user to a central authentication server using the 
authenticated client device and trie key . 

2. (withdrawn) The method of Claim 1 wherein said first electronic device is 
a client device and said second electronic device is a network device. 

3. (withdrawn) The method of Claim 2 wherein said step a) comprises: 

receiving a first message from said client device at said network 
device, said first message comprising a device identifier and a first random 
number; 

receiving a second message from said network device at said client 
device, said second message comprising a second random number and a first 
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digest, said first digest comprising a one-way hash function operating on 
said first random number, said device identifier, and a first secret shared 
between said network device and said client device; 

determining a second digest at said client device, said second digest 
comprising a one-way hash function operating on said first random number, 
said device identifier, and said first secret; 

comparing said first digest to said second digest at said client device; 

and 

provided said first digest matches said second digest, authenticating 
said network device to said client device. 

4. (withdrawn) The method of Claim 2 wherein said step b) comprises: 

receiving a third message from said client device at said network 
device, said third message comprising a third digest, said third digest 
comprising a one-way hash function operating on said second random 
number, said device identifier, and said first secret; 

determining a fourth digest at said network device, said fourth digest 
comprising said second random number, said device identifier, and said first 
secret; 

comparing said third digest to said fourth digest at said client device; 

and 

provided said third digest matches said fourth digest, authenticating 
said client device to said network device. 

5. (withdrawn) The method as recited in Claim 2 wherein step c) comprises: 

determining a fifth digest at said network device, said fifth digest 
comprising said device identifier received from said client device, said first 
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secret, said first random number, and said second random number, said fifth 
digest from which said network device selects bits and determines said key; 
and 

calculating a sixth digest at said client device, said sixth digest 
comprising said device identifier, said first secret, said first random number 
and said second random number, said sixth digest from which said client 
device selects bits and determines said key. 

6. (withdrawn) The method as recited in Claim 2 wherein said step d) 
comprises: 

transmitting a request for a user_name and a user_credentials to said 
client device. 

sending said username and said user_credentials to said network 
device from said client device; 

forwarding said user_name and said user_credentials to said central 
authentication server from said network device; and 

employing said user name and said user_credentials for 
authenticating said user at said central authentication server. 

7. (withdrawn) The method as recited in Claim 6 further comprising: 

provided said user is authenticated at said central authentication 

server: 

sending a success message to said network device at said 
central authentication server; 

forwarding said success message to said client device at said 
network device; 

allowing said client device to access said controlled network at 
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said network device; and 

provided said user is not authenticated at said central authentication 
server: 

sending a failure message to said network device at said central 
authentication server; 

forwarding said failure message to said client device at said 
network device; 

disallowing said client device access to said controlled network 
at said network device. 

8. (currently amended) The method as recited in Claim 1 wherein said 
authentication server is-a is the central authentication server. 

9. (currently amended) The method of Claim 8 wherein a network device is 
employed for providing an interface between said unauthenticated client 
device and said central authentication server. 

10. (currently amended) The method of Claim 9 wherein step a) comprises: 

receiving a first standard message from said unauthenticated client 
device at said network device; 

forwarding said first standard message to said central authentication 
server from said network device; and 

receiving said first standard message from said network device at said 
central authentication server whereby said unauthenticated client device is 
identified to said central authentication server. 
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11. (currently amended) The method as recited in Claim 10 further 
comprising: 

sending a second standard message to said network device from said 
central authentication server; and 

forwarding said second standard message to said 
unauthenticated client device from said network device, whereby said 
central authentication server is authenticated to said unauthenticated client 
device. 

12. (currently amended) The method as recited in Claim 10 wherein said 
step c) comprises; 

sending a third standard message to said network device from said 
Lmauthenticated client device; and 

forwarding said third standard message to said central authentication 
server from said network device, whereby said unauthenticated client device 
is authenticated to said central authentication server as the authenticated 
client device . 

13. (original) The method as recited in Claim 10 wherein said first standard 
message comprises a standard EAP-TLS protocol message. 

14. (original) The method as recited in Claim 1 1 wherein said second 
standard message comprises a key exchange from said central authentication 
server to said client device. 

1 5. (original) The method as recited in Claim 1 1 wherein said second 
standard message comprises a standard EAP-TLS protocol message. 
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16. (original) The method as recited in Claim 12 wherein said third standard 
message comprises a key exchange from said client device to said central 
authentication server. 

17. (original) The method as recited in Claim 12 wherein said third standard 
message comprises a standard EAP-TLS protocol message. 

18. (original) The method as recited in Claim 1 wherein said first electronic 
device and said second electronic device are communicatively coupled by a 
wireless connection. 

19. (original) The method as recited in Claim 1 wherein said first electronic 
device and said second electronic device are communicatively coupled by a 
wired connection. 

20. (withdrawn) The method as recited in Claim 2 wherein said network 
device is a wireless network access point. 

21. (currently amended) A computer system network comprising: 

a central authentication server for authenticating a user to send or 
recei ve information over a computer system network; 

a firot electronic an unauthenticated client device coupled to said 
network; and 

a s e cond - e l e ctr o n i o ' d e vic e network access p oint coupled to said 
central authentication server; 

said central authentication server, said first electronic unauthenticated 
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client device and said second electronic device network access point 
operating in conjunction to perform a method of authenticating access to a 
controlled network, said method comprising: 

a) authenticating said second e lectronic d e vic e network access 
point to said first el e ctronic unauthenticated client device, said &st 
electronic unauthenticated client device communicatively coupled to said 
second electronic device network access point ; 

b) authenticating said first e lectronic unauthenticated client device 
to said s econd - e l ectronic device network access point to produce an 
authenticated client device ; 

c) determining a key at said first e l e ctronic d e vice authenticated 
client device and at said second electronic device network access point ; and 

d) authenticating a user to said central authentication serve r using 
the authenticated client device and the key , 

22. (withdrawn) The method of Claim 21 wherein said first electronic device 
is a client device and said second electronic device is a network device. 

23. (withdrawn) The method of Claim 22 wherein said step a) comprises: 

receiving a first message from said client device at said network 
device, said first message comprising a device identifier and a first random 
number; 

receiving a second message from said network device at said client 
device, said second message comprising a second random number and a first 
digest, said first digest comprising a one-way hash function operating on 
said first random number, said device identifier, and a first secret shared 
between said network device and said client device; 
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determining a second digest at said client device, said second digest 
comprising a one-way hash function operating on said first random number, 
said device identifier, and said first secret; 

comparing said first digest to said second digest at said client device; 

and 

provided said first digest matches said second digest, authenticating 
said network device to said client device, 

24. (withdrawn) The method of Claim 22 wherein said step b) comprises: 

receiving a third message from said client device at said network 
device, said third message comprising a third digest, said third digest 
comprising a one-way hash function operating on said second random 
number, said device identifier, and said first secret; 

determining a fourth digest at said network device, said fourth digest 
comprising said second random number, said device identifier, and said first 
secret; 

comparing said third digest to said fourth digest at said client device; 

and 

provided said third digest matches said fourth digest, authenticating 
said client device to said network device. 

25. (withdrawn) The method as recited in Claim 22 wherein step c) 
comprises: 

determining a fifth digest at said network device, said fifth digest 
comprising said device identifier received from said client device, said first 
secret, said first random number, and said second random number, said fifth 
digest from which said network device selects bits and determines said key; 
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and 

calculating a sixth digest at said client device, said sixth digest 
comprising said device identifier, said first secret, said first random number 
and said second random number, said sixth digest from which said client 
device selects bits and determines said key. 

26. (withdrawn) The method as recited in Claim 22 wherein said step d) 
comprises: 

transmitting a request for a username and a user_credentials to said 
client device. 

sending said username and said user_credentials to said network 
device from said client device; 

forwarding said user name and said user_credentials to said central 
authentication server from said network device; and 

employing said username and said user_credentials for 
authenticating said user at said central authentication server. 

27. (withdrawn) The method as recited in Claim 26 further comprising: 

provided said user is authenticated at said central authentication 
server: 

sending a success message to said network device at said 
central authentication server; 

forwarding said success message to said client device at said 
network device; 

allowing said client device to access said controlled network at 
said network device; and 

provided said user is not authenticated at said central authentication 
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server: 

sending a failure message to said network device at said central 
authentication server; 

forwarding said failure message to said client device at said 
network device; 

disallowing said client device access to said controlled network 
at said network device. 

28. (currently amended) The method as recited in Claim 21 wherein said 
first electronic device is a client device and said second electronic device is a 
network device, said network d e vice a network access point is a wireless 
access point . 

29. (currently amended) The method of Claim 28 claim 21 wherein a 
network device is employed for providing the network access point is an 
interface between said authenticated client device and said central 
authentication server. 

30. (currently amended) The method of Claim 29 wherein step a) comprises: 

receiving a first standard message from said unauthenticated client 
device at said network d e vice ' access point; 

forwarding said first standard message to said central authentication 
server from said network device access point ; and 

receiving said first standard message from said network device access 
point at said central authentication server whereby said unauthenticated 
client device is identified to said central authentication server. 
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3 1 . (currently amended) The method as recited in Claim 30 further 
comprising: 

sending a second standard message to said network device access 
point from said central authentication server; and 

forwarding said second standard message to said unauthenticated 
client device from said network ^eviee access point , whereby said central 
authentication server is authenticated to said unauthenticated client device. 

32. (currently amended) The method as recited in Claim 30 wherein said 
step c) comprises: 

sending a third standard message to said network device from said 
unauthenticated client device; and 

forwarding said third standard message to said central authentication 
server from said network device access point, whereby said unauthenticated 
client device is authenticated to said central authentication server. 

33. (original) The method as recited in Claim 30 wherein said first standard 
message comprises a standard EAP-TLS protocol message. 

34. (original) The method as recited in Claim 3 1 wherein said second 
standard message comprises a key exchange from said central authentication 
server to said unauthenticated client device. 

35. (original) The method as recited in Claim 31 wherein said second 
standard message comprises a standard EAP-TLS protocol message. 
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36. (currently amended) The method as recited in Claim 32 wherein said 
third standard message comprises a key exchange from said unauthenticated 
client device to said central authentication server. 

37. (original) The method as recited in Claim 32 wherein said third standard 
message comprises a standard EAP-TLS protocol message. 

38. (currently amended) The method as recited in Claim 21 wherein said 
fest-elee - trome unauthenticated client device and said second -electron ic 
device network access point are communicatively coupled by a wireless 
connection. 

39. (currently amended) The method as recited in Claim 21 wherein said 
first e l e ctronic unauthenticated client device and said s e cond eleetrogi ie 
device network access point are communicatively coupled by a wired 
connection. 

40. (withdrawn) The method as recited in Claim 22 wherein said network 
device is a wireless network access point. 

41. (currently amended) In a computer-usable medium having computer- 
readable program code embodied therein, a computer-implemented method 
for authenticating a first electronic an unauthenticated client device and a 
s e cond e l e ctronic devic e network access point said method comprising: 

a) authenticating said s e cond electronic device network access 
point to said fir st electro nic unauthenticated client device, said -fost 
electronic unauthenticated client device communicatively coupled to said 
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se eeed- e l e etr - OH i e - gt e v i e e network access point; 

b) authenticating said first e lectronic unauthenticated client device 
to said second electronic device network access point to produce an 
authenticated client device ; 

c) determining a key at said first electronic authenticated client 
device and at said second- e l ectronic de v ice network access point; and 

d) authenticating a user of the authenticated client device to a 
central authentication server. 

42. (withdrawn) The computer implemented method of Claim 41 wherein 
said first electronic device is a client device and said second electronic 
device is a network device. 

43. (withdrawn) The computer implemented method of Claim 42 wherein 
said step a) comprises: 

receiving a first message from said client device at said network 
device, said first message comprising a device identifier and a first random 
number; 

receiving a second message from said network device at said client 
device, said second message comprising a second random number and a first 
digest, said first digest comprising a one-way hash function operating on 
said first random number, said device identifier, and a first secret shared 
between said network device and said client device; 

determining a second digest at said client device, said second digest 
comprising a one-way hash function operating on said first random number, 
said device identifier, and said first secret; 

comparing said first digest to said second digest at said client device; 
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and 

provided said first digest matches said second digest, authenticating 
said network device to said client device. 

44. (withdrawn) The computer implemented method of Claim 42 wherein 
said step b) comprises: 

receiving a third message from said client device at said network 
device, said third message comprising a third digest, said third digest 
comprising a one-way hash function operating on said second random 
number, said device identifier, and said first secret; 

determining a fourth digest at said network device, said fourth digest 
comprising said second random number, said device identifier, and said first 
secret; 

comparing said third digest to said fourth digest at said client device; 

and 

provided said third digest matches said fourth digest, authenticating 
said client device to said network device. 

45. (withdrawn) The computer implemented method as recited in Claim 42 
wherein step c) comprises: 

determining a fifth digest at said network device, said fifth digest 
comprising said device identifier received from said client device, said first 
secret, said first random number, and said second random number, said fifth 
digest from which said network device selects bits and determines said key; 
and 

calculating a sixth digest at said client device, said sixth digest 
comprising said device identifier, said first secret, said first random number 
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and said second random number, said sixth digest from which said client 
device selects bits and determines said key. 

46. (withdrawn) The computer implemented method as recited in Claim 42 
wherein said step d) comprises: 

transmitting a request for a userjiame and a user_credentials to said 
client device. 

sending said userjiame and said user_credentials to said network 
device from said client device; 

forwarding said userjiame and said user_credentials to said central 
authentication server from said network device; and 

employing said userjiame and said user_credentials for 
authenticating said user at said central authentication server. 

47. (withdrawn) The computer implemented method as recited in Claim 46 
further comprising: 

provided said user is authenticated at said central authentication 
server: 

sending a success message to said network device at said 
central authentication server; 

forwarding said success message to said client device at said 
network device; 

allowing said client device to access said controlled network at 
said network device; and 

provided said user is not authenticated at said central authentication 
server: 

sending a failure message to said network device at said central 
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authentication server; 

forwarding said failure message to said client device at said 
network device; 

disallowing said client device access to said controlled network 
at said network device. 

48. (currently amended) The computer implemented method as recited in 
Claim 41 wherein said first electronic d e vice is a c li e nt d e vice and said 
s e cond electronic devic e said network access point *s-a is the central 
authentication server. 

49. (currently amended) The computer implemented method of Claim 48 
wherein a network devic e is employed for providing said network access 
point provides an interface between said unauthenticated client device and 
said central authentication server. 

50. (currently amended) The computer implemented method of Claim 49 
wherein step a) comprises: 

receiving a first standard message from said unauthenticated client 
device at said network d e vic e access point ; 

forwarding said first standard message to said central authentication 
server from said network device access point ; and 

receiving said first standard message from said network devk-e access 
point at said central authentication server whereby said unauthenticated 
client device is identified to said central authentication server. 
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51. (currently amended) The computer implemented method as recited in 
Claim 50 further comprising: 

sending a second standard message to said network device access 
point from said central authentication server; and 

forwarding said second standard message to said unauthenticated 
client device from said network device access point, whereby said central 
authentication server is authenticated to said unauthenticated client device. 

52. (currently amended) The computer implemented method as recited in 
Claim 50 wherein said step c) comprises: 

sending a third standard message to said network d e vic e access point 
from said unauthenticated client device; and 

forwarding said third standard message to said central authentication 
server from said network device access point , whereby said unauthenticated 
client device is authenticated to said central authentication server to produce 
an authenticated client device . 

53. (original) The computer implemented method as recited in Claim 50 
wherein said first standard message comprises a standard EAP-TLS protocol 
message. 

54. (currently amended) The computer implemented method as recited in 
Claim 5 1 wherein said second standard message comprises a key exchange 
from said central authentication server to said unauthenticated client device. 
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55. (original) The computer implemented method as recited in Claim 51 
wherein said second standard message comprises a standard EAP-TLS 
protocol message. 

56. (currently amended) The computer implemented method as recited in 
Claim 52 wherein said third standard message comprises a key exchange 
from said unauthenticated client device to said central authentication server. 

57. (original) The computer implemented method as recited in Claim 52 
wherein said third standard message comprises a standard EAP-TLS 
protocol message. 

58. (currently amended) The computer implemented method as recited in 
Claim 41 wherein said first electronic unauthenticated client device and said 
second-etectronic device network access point are communicatively coupled 
by a wireless connection. 

59. (currently amended) The computer implemented method as recited in 
Claim 41 wherein said first e lectronic unauthenticated client device and said 
s e cond electronic device network access point are communicatively coupled 
by a wired connection. 

60. (withdrawn) The computer implemented method as recited in Claim 42 
wherein said network device is a wireless network access point. 
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